Related Topics

Using Cisco Security Agent (CSA) on the Application Server

The Cisco Security Agent (CSA) is an application that provides system and data security and allows you to monitor the activities on your system. The CSA is automatically installed on the Application Server with Cisco Unified MeetingPlace and requires no configuration. The red flag at the bottom-right corner of the screen indicates that CSA is running and active on your system.

The CSA consists of a set of rules that govern which users and applications can alter or query critical file systems. It also provides security on ports to minimize unauthorized system sign-ins for malicious purposes. The CSA logs violations of any of the security rules. You can peruse the log periodically to determine what attempted activities were blocked.

Restrictions

Because the CSA application that is included with Cisco Unified MeetingPlace is a standalone version:

You cannot use the CSA Management Console.

You cannot manually update the CSA independent of the Application Server. The Application Server software also installs the CSA.

Procedure

Sign in to the console.

Right-click the red CSA flag in the bottom right.

Select Open Agent Panel.

To change the level of security for your system:

Select System Security.

Move the security level slide bar to the new security level.

Note: We recommend that you keep the security level at medium or high.

(Optional) Select Purge log to remove the entries that appear on the Status > Messages window.

Doing this regularly can help you track new events.

Note: Selecting Purge log does not affect the logs under /var/log/csalog.

Limiting the Number of Failed User Sign-in Attempts

You can configure the number of times in a session that an user can fail to sign in to Cisco Unified MeetingPlace before the user profile becomes "locked." Users with locked user profiles cannot sign in.

Restrictions

The preconfigured system administrator profile cannot be locked.

Before reaching the maximum number of sign-in attempts, the user can restart the counter for failed sign-in attempts by:

Closing the browser and opening a new one to continue the sign-in attempts.

Ending the call to Cisco Unified MeetingPlace and making a new call to continue the sign-in attempts.

Restricting Access to Scheduled Meetings

You can restrict uninvited and unprofiled users from attending meetings that are scheduled by some or all users.

Remember, however, that if meeting attendance is restricted to profiled users, unprofiled external users (such as your customers or business partners) and users with locked profiles cannot attend meetings, even if they are invited.

Procedure

Sign in to the Administration Center.

Select User Configuration.

Select User Groups or User Profiles, depending on whether you want to configure a user group or an individual user profile.

Select Edit or Add New, depending on whether you want to configure an existing or a new user group or user profile.

Related Topics

Restricting Access to Recordings

You can restrict unprofiled users from accessing recordings for meetings that are scheduled by some or all users. Remember, however, that if access to recordings is restricted to profiled users, unprofiled external users (such as your customers or business partners) and users with locked profiles cannot access the recordings, even if they were invited to and attended the meetings.

Procedure

Sign in to the Administration Center.

Select User Configuration.

Select User Groups or User Profiles, depending on whether you want to configure a user group or an individual user profile.

Select Edit or Add New, depending on whether you want to configure an existing or a new user group or user profile.

Related Topics

Restricting the Use of Vanity Meeting IDs

By default, Cisco Unified MeetingPlace allows the meeting scheduler to request a specific meeting ID, such as one that is easy to remember (12345) or one that spells a word (24726 or CISCO). If, however, an uninvited person knows one of the phone numbers for your Cisco Unified MeetingPlace system, that person can easily guess a popular meeting ID and join a meeting that he is not authorized to attend.

You can prevent unauthorized meeting attendance by disabling the ability to request a vanity meeting ID when scheduling a meeting. Instead, a unique, randomly generated ID is assigned to every scheduled meeting. Users cannot change the assigned meeting IDs.

Limiting the Number of Attempted Dial-Out Calls From Voice Meetings

To prevent toll fraud, you can specify the maximum number of dial-out calls that each user can try to make from within a meeting.

Restriction

This procedure affects only the dial-out calls that the user attempts by pressing #31 from the telephone user interface (TUI). You cannot limit the number of dial-out calls that are attempted from the web meeting room.